Re: shutting down dictionary attacks

From: Guillaume Vissian (somebodyishere_at_gmail.com)
Date: 07/04/05

    Date: Mon, 4 Jul 2005 09:47:02 +0200
    To: secureshell@securityfocus.com
    
    

    Are you using password login or public key? Perhaps that's the way: you
    disable the password login and script kiddies are immediately
    rejected...

    G.

    2005/7/2, Josh Grosse <josh@jggimi.homeip.net>:
    > I run OpenBSD 3.7 with OpenSSH 4.1, and found that even with:
    >
    > PermitRootLogin no
    > PasswordAuthentication no
    > Protocol 2
    > ChallengeResponseAuthentication no
    >
    > Using OpenSSH or Putty from test PCs, I couldn't supply a password, but the
    > script kiddies were still finding a way to make password attacks. Obviously,
    > their skills are certainly better than mine.
    >
    > Searching The Fine Archive, I found
    > http://marc.theaimsgroup.com/?l=secure-shell&m=109755336414758&w=2
    >
    > which suggests
    >
    > PAMAuthenticationViaKbdInt no
    >
    > as an additional config setting. It's not applicable to OpenSSH 4.1
    > on OpenBSD. But, poking through sshd(8) I found:
    >
    > KerberosOrLocalPasswd no
    >
    > After adding that to my config, it *seems* like my attacks may have
    > been stopped. At least, they're no longer being logged.
    >
    > Any thoughts on whether this change will be effective, or if this was just
    > serendipitous?
    >
    > -Josh Grosse-
    >
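
The directives quoted in the message above can be checked mechanically. The following is an added example, not part of the original thread: a shell audit that reads an sshd_config, applies sshd's first-value-wins rule, and reports each of the five quoted directives. The function names, the WANTED list and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the effective global value of
# each sshd_config directive quoted in the post.

# keyword=value pairs as quoted in the thread (keywords lower-cased).
WANTED='permitrootlogin=no passwordauthentication=no protocol=2
challengeresponseauthentication=no kerberosorlocalpasswd=no'

# effective_value FILE KEYWORD: print the first global value, or "unset".
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match keyword are conditional.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { k = tolower($1) }
        k == "match" { exit }
        k == key     { print $2; found = 1; exit }
        END          { if (!found) print "unset" }
    ' "$1"
}

# audit FILE: one line per directive; returns 1 if any needs review.
audit() {
    rc=0
    for pair in $WANTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok      $key $got"
        else
            echo "REVIEW  $key is '$got' (thread sets '$want')"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config: a duplicate keyword and a commented-out line.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
PermitRootLogin no
passwordauthentication no
# the next line is ignored because the keyword was already set above
PasswordAuthentication yes
Protocol 2
#KerberosOrLocalPasswd no
EOF

audit "$SAMPLE" || echo "some directives are unset or differ"
```

A directive reported as "unset" falls back to the daemon's built-in default, which depends on the OpenSSH version in use.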

